Financial Services Cybersecurity Roundtable. Speaker: National Cyber-Forensics and Training Alliance. The Financial Services Cybersecurity Roundtable is a cross-organizational “learning community” committed to working together to better protect our community from bank fraud, credit card theft, identity theft and other forms of cyber crime. City National Bank, April 7, 2017, 7:30 – 10:00 AM

Pasadena / Glendale Cybersecurity Roundtable. Speaker: Warren Kato, LA County DA Office, “Cyber-Crime: The Anatomy of a Breach.” The Pasadena Cybersecurity Roundtable is designed to support communication and collaboration between C-Suite executives and cybersecurity experts. This roundtable is intended for both for-profits and not-for-profits and functions as a cross-organizational “learning community” committed to working together to better protect our community from cybercrime. April 13, 7:30 – 10:00 AM

Individuals at Risk

Identity Theft

Govt. Cybersecurity Contractor Hit in W-2 Phishing Scam: Just a friendly reminder that phishing scams which spoof the boss and request W-2 tax data on employees are intensifying as tax time nears. The latest victim shows that even cybersecurity experts can fall prey to these increasingly sophisticated attacks. KrebsOnSecurity, March 17, 2017

Cyber Update

Adobe, Microsoft Push Critical Security Fixes: Adobe and Microsoft each pushed out security updates for their products today. Adobe plugged at least seven security holes in its Flash Player software. Microsoft, which delayed last month’s Patch Tuesday until today, issued an unusually large number of update bundles (18) to fix dozens of flaws in Windows and associated software. KrebsOnSecurity, March 14, 2017

Cyber Defense

Basic password security tips to help you foil hackers: NEW YORK — Details from this week’s federal indictment of Russian hackers charged with compromising hundreds of millions of Yahoo accounts reveal that many people are still not taking routine precautions to safeguard their email accounts — and hackers are exploiting that. CBS, March 17, 2017

Information Security Management in the Organization

Information Security Management and Governance

HR data security: 5 questions to ask IT today: It can be comforting to think that the people safeguarding your company’s network have it all under control, but before you add even one more sensitive file, find out just how secure your systems are by asking IT these questions… Business Insider, March 17, 2017

A cybersecurity risk assessment is a critical part of M&A due diligence: As of mid-February, the plan for Verizon Communications to acquire a majority of Yahoo’s web assets is still on, despite the announcement of Yahoo having suffered two massive breaches of customer data in 2013 and 2014. The sale price, however, has been discounted by $350 million, and Verizon and Altaba Inc. have agreed to share any ongoing legal responsibilities related to the breaches. Altaba is the entity that will own the portion of Yahoo that Verizon is not acquiring. NetworkWorld, March 17, 2017

Cyber Awareness

How did Yahoo get breached? Employee got spear phished, FBI suggests: SAN FRANCISCO—The indictment unsealed Wednesday by US authorities against two agents of the Russian Federal Security Service, or FSB, (Dmitry Dokuchaev and Igor Sushchin) and two hackers (Alexsey Belan and Karim Baratov) provides some details of how Yahoo was pillaged of user data and its own technology over a period of over two years. But at a follow-up briefing at the FBI office here today, officials gave fresh insight into how they think the hack began—with a “spear phishing” e-mail to a Yahoo employee early in 2014. ars technica, March 15, 2017

Nudging Towards Security – Part 4, Sahil Bansal: Traditional Approach of Security Communications – Employees behave in a particular way because there is something that motivates them to do so. Traditionally, the information security teams of organizations have relied on fear as a motivator to drive the right behavior. Highlighting the consequences of not following the right process, citing cases where extreme actions were taken on employees, exaggerating situations to scare employees into believing terrible outcomes could occur, information security has always been about locking down things and scaring the hell out of people. Clearly, it hasn’t worked. SANS, March 9, 2017

Cyber Warning

Unpatched flaw opens Ubiquiti Networks devices to compromise: A critical vulnerability in many of Ubiquiti Networks’ networking devices can be exploited by attackers to take over control of the device and, if that device acts as a router or firewall, to take over the whole network. HelpNetSecurity, March 17, 2017

Cyber Defense

Cyber Talent

A New Study Suggests the Serious Gender Gap in Cybersecurity Jobs Isn’t Getting Better: Johanna Vazzana knew the job she’d applied for was a stretch. Vazzana, now a cybersecurity strategist working at Mitre, was interviewing early in her career for a technical cybersecurity position with a Fortune 500 company. Though she lacked a computer science degree, she’d taught herself relevant skills and racked up certifications that she hoped would fill in the educational and experiential gaps. Slate, March 17, 2017

Cyber Security in Society

Cyber Crime

Krebs’ analysis of restaurant cyber-breach exposes POS vendor weaknesses: For the second time in the past nine months, Google has inadvertently but nonetheless correctly helped to identify the source of a large credit card breach — by assigning a “This site may be hacked” warning beneath the search results for the Web site of a victimized merchant. KrebsOnSecurity, March 16, 2017

Trump budget includes big money for cybersecurity: President Donald Trump’s proposed fiscal year 2018 budget introduced Thursday would boost cybersecurity efforts at several federal agencies, including the Pentagon, the Treasury Department and NASA. Though less of a cross-department priority, the budget also calls for more investment in IT to help improve the management and effectiveness of government. CIO Dive, March 17, 2017

Cyber War I has already begun: To each American administration, its war. Which will be Donald Trump’s? There is good reason to fear it could be the Second Korean War, with craziness in North Korea and chaos in the South. Or it could be yet another quagmire in the Middle East. Trump’s most excitable critics keep warning that World War III will happen on his watch. But I am more worried about Cyber War I – especially as it has already begun. Harvard Kennedy School Belfer Center, March 15, 2017

Deterrence and Dissuasion in Cyberspace: Can states deter adversaries in cyberspace? Analogies drawn from nuclear deterrence mislead; nuclear deterrence aims for total prevention, whereas states do not expect to prevent every cyberattack. Additionally, cyber deterrence is possible even though it can be hard to identify the source of a cyberattack. Attribution problems do not hinder three of the major forms of cyber deterrence: denial, entanglement, and normative taboos. Harvard Kennedy School Belfer Center, Winter 2016/17

America must defend itself against the real national security menace: This week, we have watched the perfect example of a country fighting the last war. The Trump administration has devoted weeks of energy and political capital to rolling out its temporary travel ban against citizens of six Muslim-majority countries, none of whom, according to the libertarian Cato Institute, have committed a single deadly terrorist attack in the United States over the past four decades. Meanwhile, the White House’s response to a devastating barrage of WikiLeaks disclosures that will compromise U.S. security for years was a general vow to prosecute leakers. Fareed Zakaria, The Washington Post, March 9, 2017

Know Your Enemy

Churn Under the Surface of Global Cybercrime: Global cybercrime actors generally adhere to the same principle as a handyman: If it’s not broken, don’t fix it. But that’s not so easy when malware works in one area and attackers want to use it to target a new audience or geography. SecurityIntelligence, March 17, 2017

Four Men Charged With Hacking 500M Yahoo Accounts: The U.S. Justice Department today unsealed indictments against four men accused of hacking into a half-billion Yahoo email accounts. Two of the men named in the indictments worked for a unit of the Russian Federal Security Service (FSB) that serves as the FBI’s point of contact in Moscow on cybercrime cases. Here’s a look at the accused, starting with a 22-year-old who apparently did not try to hide his tracks. KrebsOnSecurity, March 15, 2017

Russian Spies, Two Others, Indicted in Yahoo Hack: Two of the four individuals indicted for hacking Yahoo in 2014, exposing 500 million user accounts, work for a Russian intelligence service unit that the FBI collaborates with on international cybercrime investigations. BankInfoSecurity, March 15, 2017

Cyber Miscellany

Despite Breaches, Yahoo CEO Gets Golden Parachute: Search giant Yahoo suffered two massive data breaches during the tenure of CEO Marissa Mayer. But when the company wraps up the sale of its primary businesses to Verizon for $4.48 billion in cash, Mayer is set to exit with an extra $23 million in compensation, minus her title as head of Yahoo or CEO of the investment company Altaba being formed by what’s left. BankInfoSecurity, March 14, 2017